CVE-2025-67824

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N                                    

Vulnerability Description

The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. This code is executed in the browser when the user attempts to create a timesheet with the filter timesheet type on the custom timesheet dialog because the filter name is not properly sanitized during the action.

Vulnerability Details

Published Date

January 20, 2026

Last Modified

January 26, 2026

CWE ID

CWE-79

Source

NVD

Vendor

n/a

Product

n/a

External References

https://marketplace.atlassian.com/apps/1212626/worklogpro-timesheets-for-jira/version-history
https://thestarware.atlassian.net/wiki/x/CAAdyg

CVE-2025-67824

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment